Vergleich inc/datahandlers/login.php - 1.8.0 - 1.8.20

Keine Änderungen Hinzugefügt Modifiziert Entfernt
Zeile 41	Zeile 41
*/ public $login_data = array();	*/ public $login_data = array();
	/** * @var bool */
public $captcha_verified = true;	public $captcha_verified = true;
	/** * @var bool\|captcha */
private $captcha = false;	private $captcha = false;
	/** * @var int / public $username_method = null; /* * @param int $check_captcha */
function verify_attempts($check_captcha = 0)	function verify_attempts($check_captcha = 0)
{ global $db, $mybb;	{ global $db, $mybb;
$user = &$this->data; if($check_captcha) { if(!isset($mybb->cookies['loginattempts']))	$user = &$this->data; if($check_captcha) { if(!isset($mybb->cookies['loginattempts']))
{	{
$mybb->cookies['loginattempts'] = 0; } if($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] \|\| (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount']))	$mybb->cookies['loginattempts'] = 0; } if($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] \|\| (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount']))
Zeile 64	Zeile 78
} } }	} } }
	/** * @return bool */
function verify_captcha() { global $db, $mybb;	function verify_captcha() { global $db, $mybb;
$user = &$this->data;	$user = &$this->data;
if($user['imagestring'] \|\| $mybb->settings['captchaimage'] != 1) { // Check their current captcha input - if correct, hide the captcha input area	if($user['imagestring'] \|\| $mybb->settings['captchaimage'] != 1) { // Check their current captcha input - if correct, hide the captcha input area
Zeile 104	Zeile 121
} }	} }
	/** * @return bool */
function verify_username() {	function verify_username() {
global $db, $mybb; $user = &$this->data; $username = $db->escape_string(my_strtolower($user['username'])); $query = $db->simple_select("users", "COUNT(*) as user", "LOWER(username) = '{$username}' OR LOWER(email) = '{$username}'", array('limit' => 1));	$this->get_login_data();

if($db->fetch_field($query, 'user') != 1)	if(!$this->login_data['uid'])
{ $this->invalid_combination(); return false; }	{ $this->invalid_combination(); return false; }
// Add username to data $this->login_data['username'] = $username;	return true;
}	}
	/** * @param bool $strict * * @return bool */
function verify_password($strict = true) {	function verify_password($strict = true) {
global $db, $mybb;	global $db, $mybb, $plugins; $this->get_login_data();
if(empty($this->login_data['username'])) {	if(empty($this->login_data['username'])) {
Zeile 133	Zeile 154
$this->invalid_combination(); return false; }	$this->invalid_combination(); return false; }
	$args = array( 'this' => &$this, 'strict' => &$strict, ); $plugins->run_hooks('datahandler_login_verify_password_start', $args);
$user = &$this->data;	$user = &$this->data;
$password = md5($user['password']); $username = $this->login_data['username']; $options = array( 'fields' => array('username', 'password', 'salt', 'loginkey', 'coppauser', 'usergroup') ); $this->login_data = get_user_by_username($username, $options);
if(!$this->login_data['uid'] \|\| $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false)	if(!$this->login_data['uid'] \|\| $this->login_data['uid'] && !$this->login_data['salt'] && $strict == false)
{	{
$this->invalid_combination(); }	$this->invalid_combination(); }

if($strict == true) { if(!$this->login_data['salt'])	if($strict == true) { if(!$this->login_data['salt'])
{ // Generate a salt for this user and assume the password stored in db is a plain md5 password $this->login_data['salt'] = generate_salt(); $this->login_data['password'] = salt_password($this->login_data['password'], $this->login_data['salt']); $sql_array = array( "salt" => $this->login_data['salt'], "password" => $this->login_data['password'] ); $db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'"); }	{ // Generate a salt for this user and assume the password stored in db is a plain md5 password $password_fields = create_password($this->login_data['password']); $this->login_data = array_merge($this->login_data, $password_fields); $db->update_query("users", $password_fields, "uid = '{$this->login_data['uid']}'"); }
if(!$this->login_data['loginkey']) { $this->login_data['loginkey'] = generate_loginkey();	if(!$this->login_data['loginkey']) { $this->login_data['loginkey'] = generate_loginkey();
Zeile 175	Zeile 189
$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'"); }	$db->update_query("users", $sql_array, "uid = '{$this->login_data['uid']}'"); }
}	}

$salted_password = md5(md5($this->login_data['salt']).$password);	$plugins->run_hooks('datahandler_login_verify_password_end', $args);

if($salted_password != $this->login_data['password'])	if(!verify_user_password($this->login_data, $user['password']))
{ $this->invalid_combination(true); return false; }	{ $this->invalid_combination(true); return false; }
	return true;
}	}
	/** * @param bool $show_login_attempts */
function invalid_combination($show_login_attempts = false) { global $db, $lang, $mybb;	function invalid_combination($show_login_attempts = false) { global $db, $lang, $mybb;
Zeile 199	Zeile 218
$login_text = ''; if($show_login_attempts) {	$login_text = ''; if($show_login_attempts) {
if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1)	if($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1 && $this->login_data['uid'] != 0)
{	{
$logins = login_attempt_check(false) + 1;	$logins = login_attempt_check($this->login_data['uid'], false) + 1;
$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins); } }	$login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins); } }
Zeile 220	Zeile 239
} }	} }
	function get_login_data() { global $db, $settings; $user = &$this->data; $options = array( 'fields' => '', 'username_method' => (int)$settings['username_method'] ); if($this->username_method !== null) { $options['username_method'] = (int)$this->username_method; } $this->login_data = get_user_by_username($user['username'], $options); } /* * @return bool */
function validate_login() { global $plugins, $mybb;	function validate_login() { global $plugins, $mybb;
Zeile 228	Zeile 269
$plugins->run_hooks('datahandler_login_validate_start', $this);	$plugins->run_hooks('datahandler_login_validate_start', $this);
$this->verify_attempts($mybb->settings['captchaimage']);	if(!defined('IN_ADMINCP')) { $this->verify_attempts($mybb->settings['captchaimage']); }
if(array_key_exists('username', $user))	if(array_key_exists('username', $user))
{	{
$this->verify_username();	$this->verify_username();
}	}
if(array_key_exists('password', $user)) { $this->verify_password();	if(array_key_exists('password', $user)) { $this->verify_password();
}	}
$plugins->run_hooks('datahandler_login_validate_end', $this); $this->set_validated(true);	$plugins->run_hooks('datahandler_login_validate_end', $this); $this->set_validated(true);
Zeile 250	Zeile 294
return true; }	return true; }
	/** * @return bool true */
function complete_login() { global $plugins, $db, $mybb, $session;	function complete_login() { global $plugins, $db, $mybb, $session;

$user = &$this->login_data; $plugins->run_hooks('datahandler_login_complete_start', $this);	$user = &$this->login_data; $plugins->run_hooks('datahandler_login_complete_start', $this);
Zeile 279	Zeile 326
$remember = -1; }	$remember = -1; }
my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true);	my_setcookie("mybbuser", $user['uid']."_".$user['loginkey'], $remember, true, "lax");
if($this->captcha !== false) { $this->captcha->invalidate_captcha();	if($this->captcha !== false) { $this->captcha->invalidate_captcha();